RFC 4861 says:
Target link-layer address
The link-layer address for the target, i.e., the
sender of the advertisement. This option MUST be
included on link layers that have addresses when
responding to multicast solicitations. When
responding to a unicast Neighbor Solicitation this
option SHOULD be included.
The option MUST be included for multicast
solicitations in order to avoid infinite Neighbor
Solicitation "recursion" when the peer node does
not have a cache entry to return a Neighbor
Advertisements message.
diff --git sys/netinet6/nd6_nbr.c sys/netinet6/nd6_nbr.c
index 90e7d19..c6cd139 100644
--- sys/netinet6/nd6_nbr.c
+++ sys/netinet6/nd6_nbr.c
@@ -605,6 +605,13 @@ nd6_na_input(struct mbuf *m, int off, int icmp6len)
goto freeit;
}
+ if (IN6_IS_ADDR_MULTICAST(&daddr6) && !ndopts.nd_opts_tgt_lladdr) {
+ nd6log((LOG_INFO,
+ "nd6_na_input: multicast adv without TLLA\n"));
+ /* nd6_options have incremented stats */
+ goto freeit;
+ }
+
if (ndopts.nd_opts_tgt_lladdr) {
lladdr = (char *)(ndopts.nd_opts_tgt_lladdr + 1);
lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
